Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/u7SrUaeTfqqFlK6M8OkfEL87nc0.roa
File:                     u7SrUaeTfqqFlK6M8OkfEL87nc0.roa (raw, json)
Hash identifier:          GsWYYAbN0tIazsbVktNVPeSXTKT3C0hkv53fF6GKkZI=
Subject key identifier:   BB:B4:AB:51:A7:93:7E:AA:85:94:AE:8C:F0:E9:1F:10:BF:3B:9D:CD
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       019DCEA7A788A0B275BAE456C1C03D5AD9BD
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/u7SrUaeTfqqFlK6M8OkfEL87nc0.roa
Signing time:             Mon 27 Apr 2026 11:16:27 +0000
ROA not before:           Mon 27 Apr 2026 11:16:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198383
IP address blocks:        94.241.162.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 May 2026 02:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ce:a7:a7:88:a0:b2:75:ba:e4:56:c1:c0:3d:5a:d9:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Apr 27 11:16:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bbb4ab51a7937eaa8594ae8cf0e91f10bf3b9dcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:dd:10:6c:30:39:5b:03:57:1d:50:30:df:2a:
                    bd:c3:0b:fb:76:eb:e7:87:35:c0:86:cd:5a:5e:c7:
                    7f:f7:d3:f7:f9:90:11:28:bf:29:96:0b:03:0b:14:
                    ad:32:0f:06:dc:b8:44:35:27:bb:05:f7:a6:1f:78:
                    b5:7d:f5:a9:9e:be:20:59:9c:1a:0c:55:b1:bd:a4:
                    79:11:a9:c6:ec:12:26:67:af:20:9e:f9:74:47:d3:
                    c1:10:bb:1d:99:38:98:ce:23:97:a6:ae:49:8e:2d:
                    a9:ae:15:a0:c3:11:41:ea:4b:bf:56:ff:69:da:30:
                    20:b8:f0:45:12:59:28:d8:1f:83:28:b7:eb:c3:fb:
                    35:21:bb:e4:01:cb:58:79:1c:5d:28:04:d6:c4:23:
                    d5:1b:5b:d2:c9:c2:a4:c1:40:5e:ab:d7:2e:89:62:
                    31:f9:52:ef:66:98:50:f3:ea:0c:fd:6a:27:96:f7:
                    1a:02:bd:83:00:8b:82:30:75:01:a1:14:22:cf:ea:
                    ee:87:a3:1d:34:3b:89:b3:0a:82:da:2f:63:d7:db:
                    ab:cd:57:69:79:97:4f:82:47:4f:d0:a9:b5:51:38:
                    63:72:38:ce:78:f4:1d:27:6e:26:5a:73:63:ee:b1:
                    b1:66:32:48:f1:a9:7c:f8:1a:84:1a:bc:2b:22:97:
                    7d:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:B4:AB:51:A7:93:7E:AA:85:94:AE:8C:F0:E9:1F:10:BF:3B:9D:CD
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/u7SrUaeTfqqFlK6M8OkfEL87nc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.241.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         93:15:8e:07:3b:53:de:e4:8d:5c:c4:0f:5c:67:f7:ca:87:26:
         cd:a4:b0:34:d4:b0:ba:71:19:dd:b1:55:77:9a:13:47:15:1b:
         98:48:0f:e1:59:dd:ee:ef:89:66:d0:b0:20:10:43:85:41:94:
         fb:8b:5c:f7:91:e4:88:82:8f:08:93:2d:8f:8b:33:2e:28:0c:
         15:fc:15:73:b4:7d:d1:20:2a:2b:b3:7b:ac:54:07:e9:48:4a:
         dd:fa:fe:11:c4:fa:28:c4:17:d2:20:b0:b9:a3:e1:0f:c5:ca:
         66:1b:a4:9d:56:a3:7d:41:1a:40:a5:7d:bd:f4:c8:0e:23:f2:
         d5:29:c2:5a:dc:6a:b8:8e:c5:96:0e:01:29:a8:36:71:76:e7:
         eb:0a:cd:44:43:62:41:00:ae:47:b6:3d:5e:ff:ad:10:5c:87:
         51:68:dc:43:3a:a6:4a:6f:36:78:b8:72:0b:e4:e5:76:5e:cb:
         86:28:c3:a1:0f:d0:38:af:16:b8:94:f8:58:0f:25:5f:64:29:
         5c:f0:63:7c:2c:63:ac:f5:c4:1e:c0:8c:69:85:08:73:f1:81:
         de:ae:95:2c:87:4b:e1:ea:10:9a:f1:73:6c:a0:ff:23:8b:f2:
         41:5f:fd:27:8f:89:f4:dc:2f:e6:5d:af:09:2a:93:fa:97:cd:
         9c:09:eb:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3Op6eIoLJ1uuRWwcA9Wtm9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjYwNDI3MTExNjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmI0YWI1MWE3OTM3ZWFhODU5NGFlOGNmMGU5MWYxMGJmM2I5ZGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu90QbDA5WwNXHVAw3yq9wwv7duvn
hzXAhs1aXsd/99P3+ZARKL8plgsDCxStMg8G3LhENSe7BfemH3i1ffWpnr4gWZwa
DFWxvaR5EanG7BImZ68gnvl0R9PBELsdmTiYziOXpq5Jji2prhWgwxFB6ku/Vv9p
2jAguPBFElko2B+DKLfrw/s1IbvkActYeRxdKATWxCPVG1vSycKkwUBeq9cuiWIx
+VLvZphQ8+oM/WonlvcaAr2DAIuCMHUBoRQiz+ruh6MdNDuJswqC2i9j19urzVdp
eZdPgkdP0Km1UThjcjjOePQdJ24mWnNj7rGxZjJI8al8+BqEGrwrIpd9/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLu0q1Gnk36qhZSujPDpHxC/O53NMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvdTdTclVhZVRmcXFGbEs2TThPa2ZFTDg3bmMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXvGiMA0G
CSqGSIb3DQEBCwUAA4IBAQCTFY4HO1Pe5I1cxA9cZ/fKhybNpLA01LC6cRndsVV3
mhNHFRuYSA/hWd3u74lm0LAgEEOFQZT7i1z3keSIgo8Iky2PizMuKAwV/BVztH3R
ICors3usVAfpSErd+v4RxPooxBfSILC5o+EPxcpmG6SdVqN9QRpApX299MgOI/LV
KcJa3Gq4jsWWDgEpqDZxdufrCs1EQ2JBAK5Htj1e/60QXIdRaNxDOqZKbzZ4uHIL
5OV2XsuGKMOhD9A4rxa4lPhYDyVfZClc8GN8LGOs9cQewIxphQhz8YHerpUsh0vh
6hCa8XNsoP8ji/JBX/0nj4n03C/mXa8JKpP6l82cCev5
-----END CERTIFICATE-----